about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--nixos/tests/pomerium.nix7
-rw-r--r--pkgs/servers/http/pomerium/default.nix20
-rw-r--r--pkgs/servers/http/pomerium/package.json (renamed from pkgs/servers/http/pomerium/pomerium-ui-package.json)2
-rwxr-xr-xpkgs/servers/http/pomerium/updater.sh23
-rw-r--r--pkgs/servers/http/pomerium/yarn-hash1
5 files changed, 43 insertions, 10 deletions
diff --git a/nixos/tests/pomerium.nix b/nixos/tests/pomerium.nix
index 7af8283264489..abaf56c518e05 100644
--- a/nixos/tests/pomerium.nix
+++ b/nixos/tests/pomerium.nix
@@ -20,6 +20,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
   }; in {
     pomerium = { pkgs, lib, ... }: {
       imports = [ (base "192.168.1.1") ];
+      environment.systemPackages = with pkgs; [ chromium ];
       services.pomerium = {
         enable = true;
         settings = {
@@ -98,5 +99,11 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
         pomerium.succeed(
             "curl -L --resolve login.required:80:127.0.0.1 http://login.required | grep 'hello I am login page'"
         )
+
+    with subtest("ui"):
+        pomerium.succeed(
+          # check for a string that only appears if the UI is displayed correctly
+            "chromium --no-sandbox --headless --disable-gpu --dump-dom --host-resolver-rules='MAP login.required 127.0.0.1:80' http://login.required/.pomerium | grep 'contact your administrator'"
+        )
   '';
 })
diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix
index 8e41aa8590b50..d78a4cc74c059 100644
--- a/pkgs/servers/http/pomerium/default.nix
+++ b/pkgs/servers/http/pomerium/default.nix
@@ -14,25 +14,24 @@ let
 in
 buildGoModule rec {
   pname = "pomerium";
-  version = "0.20.0";
+  version = "0.21.2";
   src = fetchFromGitHub {
     owner = "pomerium";
     repo = "pomerium";
     rev = "v${version}";
-    sha256 = "sha256-J8ediRreV80lzPcKIOSl1CNHp04ZW9ePyNyejlN50cE=";
+    sha256 = "sha256-wsfbG4VAS3U3voDdry35QlWknlWIfThZQalf9S/9GO0=";
   };
 
-  vendorSha256 = "sha256-V8asyi1Nm+h3KK/loBRZQN6atfEGUEdRydeZsp9wyQY=";
+  vendorSha256 = "sha256-8g3jhxKIT0EGUXh0hrvDbw3i04khqlAfGzM6k4q3O8g=";
 
   ui = mkYarnPackage {
     inherit version;
     src = "${src}/ui";
 
-    # update pomerium-ui-package.json when updating package, sourced from ui/package.json
-    packageJSON = ./pomerium-ui-package.json;
+    packageJSON = ./package.json;
     offlineCache = fetchYarnDeps {
       yarnLock = "${src}/ui/yarn.lock";
-      sha256 = "sha256:1n6swanrds9hbd4yyfjzpnfhsb8fzj1pwvvcg3w7b1cgnihclrmv";
+      sha256 = lib.fileContents ./yarn-hash;
     };
 
     buildPhase = ''
@@ -111,9 +110,12 @@ buildGoModule rec {
     install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium
   '';
 
-  passthru.tests = {
-    inherit (nixosTests) pomerium;
-    inherit pomerium-cli;
+  passthru = {
+    tests = {
+      inherit (nixosTests) pomerium;
+      inherit pomerium-cli;
+    };
+    updateScript = ./updater.sh;
   };
 
   meta = with lib; {
diff --git a/pkgs/servers/http/pomerium/pomerium-ui-package.json b/pkgs/servers/http/pomerium/package.json
index 6b9dcf4a3e8d9..37227248672c9 100644
--- a/pkgs/servers/http/pomerium/pomerium-ui-package.json
+++ b/pkgs/servers/http/pomerium/package.json
@@ -29,7 +29,7 @@
     "@fontsource/dm-sans": "^4.5.1",
     "@mui/icons-material": "^5.3.1",
     "@mui/material": "^5.4.0",
-    "luxon": "^2.3.0",
+    "luxon": "^2.5.2",
     "markdown-to-jsx": "^7.1.7",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
diff --git a/pkgs/servers/http/pomerium/updater.sh b/pkgs/servers/http/pomerium/updater.sh
new file mode 100755
index 0000000000000..0df47268ca965
--- /dev/null
+++ b/pkgs/servers/http/pomerium/updater.sh
@@ -0,0 +1,23 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p gnugrep coreutils curl wget jq nix-update prefetch-yarn-deps
+
+set -euo pipefail
+pushd "$(dirname "${BASH_SOURCE[0]}")"
+
+owner="pomerium"
+repo="pomerium"
+version=`curl -s "https://api.github.com/repos/$owner/$repo/tags" | jq -r .[0].name | grep -oP "^v\K.*"`
+url="https://raw.githubusercontent.com/$owner/$repo/v$version/"
+
+if [[ "$UPDATE_NIX_OLD_VERSION" == "$version" ]]; then
+    echo "Already up to date!"
+    exit 0
+fi
+
+rm -f package.json yarn.lock
+wget "$url/ui/yarn.lock" "$url/ui/package.json"
+echo $(prefetch-yarn-deps) > yarn-hash
+rm -f yarn.lock
+
+popd
+nix-update pomerium --version $version
diff --git a/pkgs/servers/http/pomerium/yarn-hash b/pkgs/servers/http/pomerium/yarn-hash
new file mode 100644
index 0000000000000..fec5f1f3c7e87
--- /dev/null
+++ b/pkgs/servers/http/pomerium/yarn-hash
@@ -0,0 +1 @@
+085nghha82q30b3vgzs76xsa85kbxqk7mjrknxxc5z7awrjhdmkb
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-28 20:15:58 +0000